cherry-pick

Author: subhashish-devtron

internal/sql/repository/security/ImageScanHistoryRepository.go

@@ -18,20 +18,79 @@
 package security
 
 import (
+	serverBean "github.com/devtron-labs/devtron/pkg/server/bean"
 	"github.com/go-pg/pg"
 	"go.uber.org/zap"
 	"time"
 )
 
 type ImageScanExecutionHistory struct {
-	tableName     struct{}  `sql:"image_scan_execution_history" pg:",discard_unknown_columns"`
-	Id            int       `sql:"id,pk"`
-	Image         string    `sql:"image,notnull"`
-	ImageHash     string    `sql:"image_hash,notnull"`
-	ExecutionTime time.Time `sql:"execution_time"`
-	ExecutedBy    int       `sql:"executed_by,notnull"`
+	tableName                       struct{}      `sql:"image_scan_execution_history" pg:",discard_unknown_columns"`
+	Id                              int           `sql:"id,pk"`
+	Image                           string        `sql:"image,notnull"`
+	ImageHash                       string        `sql:"image_hash,notnull"` // TODO Migrate to request metadata
+	ExecutionTime                   time.Time     `sql:"execution_time"`
+	ExecutedBy                      int           `sql:"executed_by,notnull"`
+	SourceMetadataJson              string        `sql:"source_metadata_json"`             // to have relevant info to process a scan for a given source type and subtype
+	ExecutionHistoryDirectoryPath   string        `sql:"execution_history_directory_path"` // Deprecated
+	SourceType                      SourceType    `sql:"source_type"`
+	SourceSubType                   SourceSubType `sql:"source_sub_type"`
+	ResourceScanExecutionResult     *ResourceScanExecutionResult
+	ScanToolExecutionHistoryMapping *ScanToolExecutionHistoryMapping
 }
 
+func (ed *ExecutionData) IsBuiltImage() bool {
+	return ed.SourceType == SourceTypeImage && ed.SourceSubType == SourceSubTypeCi
+}
+
+func (ed *ExecutionData) IsManifestImage() bool {
+	return ed.SourceType == SourceTypeImage && ed.SourceSubType == SourceSubTypeManifest
+}
+
+func (ed *ExecutionData) IsManifest() bool {
+	return ed.SourceType == SourceTypeCode && ed.SourceSubType == SourceSubTypeManifest
+}
+
+func (ed *ExecutionData) IsCode() bool {
+	return ed.SourceType == SourceTypeCode && ed.SourceSubType == SourceSubTypeCi
+}
+
+func (ed *ExecutionData) ContainsType(typeToCheck ResourceScanType) bool {
+	for _, scanType := range ed.Types {
+		if scanType == int(typeToCheck) {
+			return true
+		}
+	}
+	return false
+}
+
+type ExecutionData struct {
+	Image         string
+	ScanDataJson  string
+	StartedOn     time.Time
+	ScanToolName  string
+	SourceType    SourceType
+	SourceSubType SourceSubType
+	Types         []int `sql:"types" pg:",array"`
+	Status        serverBean.ScanExecutionProcessState
+}
+
+// multiple history rows for one source event
+type SourceType int
+
+const (
+	SourceTypeImage SourceType = 1
+	SourceTypeCode  SourceType = 2
+	SourceTypeSbom  SourceType = 3 // can be used in future for direct sbom scanning
+)
+
+type SourceSubType int
+
+const (
+	SourceSubTypeCi       SourceSubType = 1 // relevant for ci code(2,1) or ci built image(1,1)
+	SourceSubTypeManifest SourceSubType = 2 // relevant for devtron app deployment manifest/helm app manifest(2,2) or images retrieved from manifest(1,2))
+)
+
 type ImageScanHistoryRepository interface {
 	Save(model *ImageScanExecutionHistory) error
 	FindAll() ([]*ImageScanExecutionHistory, error)

internal/sql/repository/security/ResourceScanExecutionRepository.go

@@ -0,0 +1,53 @@
+package security
+
+import (
+	"github.com/go-pg/pg"
+	"go.uber.org/zap"
+)
+
+type ResourceScanExecutionResult struct {
+	tableName                   struct{}           `sql:"resource_scan_execution_result" pg:",discard_unknown_columns"`
+	Id                          int                `sql:"id,pk"`
+	ImageScanExecutionHistoryId int                `sql:"image_scan_execution_history_id"`
+	ScanDataJson                string             `sql:"scan_data_json"`
+	Format                      ResourceScanFormat `sql:"format"`
+	Types                       []ResourceScanType `sql:"types"`
+	ScanToolId                  int                `sql:"scan_tool_id"`
+}
+
+type ResourceScanFormat int
+
+const (
+	CycloneDxSbom ResourceScanFormat = 1 // SBOM
+	TrivyJson                        = 2
+	Json                             = 3
+)
+
+type ResourceScanType int
+
+const (
+	Vulnerabilities ResourceScanType = 1
+	License                          = 2
+	Config                           = 3
+	Secrets                          = 4
+)
+
+type ResourceScanResultRepository interface {
+	SaveInBatch(tx *pg.Tx, models []*ResourceScanExecutionResult) error
+}
+
+type ResourceScanResultRepositoryImpl struct {
+	dbConnection *pg.DB
+	logger       *zap.SugaredLogger
+}
+
+func NewResourceScanResultRepositoryImpl(dbConnection *pg.DB, logger *zap.SugaredLogger) *ResourceScanResultRepositoryImpl {
+	return &ResourceScanResultRepositoryImpl{
+		dbConnection: dbConnection,
+		logger:       logger,
+	}
+}
+
+func (impl ResourceScanResultRepositoryImpl) SaveInBatch(tx *pg.Tx, models []*ResourceScanExecutionResult) error {
+	return tx.Insert(&models)
+}

internal/sql/repository/security/ScanToolExecutionHistoryMapping.go

@@ -17,6 +17,7 @@ type ScanToolExecutionHistoryMapping struct {
 	ExecutionFinishTime         time.Time                            `sql:"execution_finish_time,notnull"`
 	State                       serverBean.ScanExecutionProcessState `sql:"state"`
 	TryCount                    int                                  `sql:"try_count"`
+	ErrorMessage                string                               `sql:"error_message"`
 	sql.AuditLog
 }